Use the Best Practice Assessment (BPA) tool to check
the network configuration (GlobalProtect, Zones, etc.) to identify
weaknesses to improve.
all checks for network-related configuration and begins on the
On the left nav, select the network check you want to review to
understand the existing configuration and to identify potential gaps
in best practice configuration related to Zones, GRE Tunnels, and
to GlobalProtect, IPsec Crypto, Interface Management, and Zone Protection
profiles. The following example shows the result for Zones.
The report shows the current configuration for each item. The
best practice check results for each item appears below its current
configuration. You can specify a
limit the scope of the information displayed.
Each check has pass/fail status and recommendations for failed
best practice checks. Click help (
the rationale for each check and links to best practice documentation.
When one or more checks fail, the item’s title turns red.
When you review the
tab, at a
minimum, review the following items to help understand the potential
scope of remediation:
—Whether each zone
has Packet Buffer Protection enabled and has a Zone Protection profile.
—Whether Flood Protection and Packet-Based
Attack Protection are enabled.